Unit 2: Cyber Security Part 3 Monitoring Tools & other Security Products.


1 Unit 2: Cyber Security Part 3 Monitoring Tools & other Security Products

2 Network Administrator’s Tools and Utilities Network administrators use a wide variety of software ________ to monitor, diagnose and control the network around them. There are certain basic administrative, troubleshooting and monitoring tools and utilities that every cyber security specialist should have in their toolbox. Monitoring tools are needed to secure a network! These tools can be used to ensure that servers (or even specific services on those servers) are up and running, or they can be used to simply monitor data flow. Typically, server or service monitoring products will send requests to that service and measure the response (example: an HTTP request to a web server).
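The request-and-measure check described on this slide, as an added example that is not part of the original presentation. It classifies a web service by HTTP status and response time using the same state numbers as Nagios plugins (0 OK, 1 WARNING, 2 CRITICAL); the thresholds, the demo paths and the local stand-in server are assumptions made up for the demonstration.

```python
import http.server
import threading
import time
import urllib.error
import urllib.request

OK, WARNING, CRITICAL = 0, 1, 2  # same numbering as Nagios plugin states
# Ignore proxy environment variables so the probe talks to the service directly.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_http(url, warn_s=0.5, crit_s=2.0, timeout=3.0):
    """Send one GET; return (state, message) from status code and latency."""
    start = time.monotonic()
    try:
        with _opener.open(url, timeout=timeout) as resp:
            resp.read()
            status = resp.status
    except urllib.error.HTTPError as exc:      # service answered with 4xx/5xx
        return CRITICAL, f"HTTP {exc.code}"
    except OSError as exc:                      # refused, timed out, DNS failure
        return CRITICAL, f"no response: {exc}"
    elapsed = time.monotonic() - start
    state = CRITICAL if elapsed >= crit_s else WARNING if elapsed >= warn_s else OK
    return state, f"HTTP {status} in {elapsed:.3f}s"

class DemoHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a monitored web server (paths are made up)."""
    def do_GET(self):
        if self.path == "/slow":
            time.sleep(0.6)
        self.send_response(500 if self.path == "/broken" else 200)
        self.end_headers()
        self.wfile.write(b"ok")
    def log_message(self, *args):               # keep the demo output quiet
        pass

def run_demo():
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_address[1]}"
    results = {p: check_http(base + p, warn_s=0.3) for p in ("/", "/slow", "/broken")}
    srv.shutdown()
    srv.server_close()                          # the port is now closed: "service down"
    results["down"] = check_http(base + "/", timeout=1.0)
    return results

if __name__ == "__main__":
    for name, (state, msg) in run_demo().items():
        print(f"{name:8} state={state} {msg}")
```

A slow answer is reported separately from a failed one, which is what lets a monitoring product alert on degradation before an outage.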

3 Packet Analyzers A packet analyzer is typically inserted into the network so that network traffic flows through it, allowing packets to be captured in real time. As the network traffic passes through the analyzer, it “________” the packets, looking for ___________ activity or just logging what’s going on. Packet and protocol analyzers require two network interfaces so they can examine the network activity as it flows through them.

4 Nagios and Icinga Monitoring Tools Nagios is a __________________ tool used to monitor critical IT infrastructure components, including system metrics, network protocols, applications, services, servers and networks. It is probably the most well known network monitoring tool that still has a free version, but it has grown to offer a full-featured commercial enterprise version as well. Icinga is a monitoring tool that checks the ____________ of your resources, notifies users of outages and provides extensive Business Intelligence (BI) data. It is an interesting open source alternative that is more full-featured than the free version of Nagios. Both products have plenty of monitoring, reporting and notification options that are best suited to uptime monitoring but can monitor performance as well.

5 Solar Winds and Microsoft Network Monitor Monitoring Tools SolarWinds offers an incredibly powerful commercial network performance ___________ product. While this product is somewhat expensive it is immensely powerful and can monitor uptime, performance, traffic flow, utilization and offer a plethora of reporting, graphing and notification options. Microsoft Network Monitor is a packet analyzer that can help you view your traffic flows and troubleshoot network problems. As you might expect this product does a wonderful job interacting with proprietary Microsoft protocols but most common public protocols are supported as well.

6 Wireshark Wireshark ( wireshark.org ) is a mature open-source and cross-platform network protocol ________________. It is probably the most well known protocol analyzer and it supports just about every protocol and runs on nearly any platform. Wireshark is a valuable tool for capturing and subsequently analyzing traffic to discover as well as troubleshoot network issues. It can be used to learn more about the protocols used on a given network. This tool is easy to employ but requires experience and practice to accurately analyze the results it produces. However, every network admin should have this product in their arsenal.

7 Wireshark

8 Snort Monitoring Tool Snort ( snort.org ) is an open source, cross-platform intrusion ________________ system that provides real-time traffic analysis, packet logging, protocol analysis, and active detection for worms, port scans and vulnerability exploit attempts. It is useful in monitoring the network in real time. It is well suited to identifying probes and attacks but can act as a network sniffer as well. Snort is an excellent product for networks that feature public services.

9 Snort Network Monitoring Tool

10 Nmap Network Monitoring Tool Nmap ( nmap.org ) is a security __________ used to discover hosts and services on a computer network thus creating a “map” of the network. It is an open source and cross-platform network mapper utility for discovery and security auditing performing network inventory, as well as monitoring and upgrade scheduling. It is an excellent product for examining and profiling your network as well as discovering ports and versions.

11 Nikto Network Monitoring Tool Nikto ( cirt.net/nikto2 ) is an open-source web server __________ that can identify issues on a web server. Nikto is an open web server scan which performs comprehensive tests against multiple items, including 6,400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version-specific problems for over 270 servers.

12 Open VAS Network Monitoring Tool OpenVAS ( openvas.org ) is an open-source vulnerability _________ for Linux and Windows that is a fork of the last free version of the now commercial Nessus. Built as a full vulnerability management solution this tool uses SCAP and can perform a number of network vulnerability tests ( NVT ) and look for common vulnerabilities and exposures ( CVE ). This product has a bit of a learning curve but it is a well respected and powerful tool worth consideration.

13 Metasploit Network Monitoring Tool Metasploit ( metasploit.com ) is one of the most popular open-source penetration _________ frameworks available. It is available for both Windows and Linux environments. It is commonly used to identify and validate network vulnerabilities, including simulating attacks that prey on human vulnerabilities. Metasploit can also be used to prioritize responses to network vulnerabilities discovered.

14 Browser Exploit Framework Network Monitoring Tools The Browser Exploitation Framework ( BeEF ) ( beefproject.com ) is a notable open-source __________________ testing tool, but it focuses on web-borne attacks through a web browser. BeEF is available for MacOS, Windows and Linux.

15 Other Security Products Nessus: market-defining vulnerability ____________ for auditors and security analysts. Core Impact Penetration Testing Software: the most powerful exploitation tool available. Cost 30,000. Nexpose (Rapid7) is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification and risk management. There are also hardware solutions, such as Netscout from nGenius, that offer serious solutions for monitoring network services and performance. Every network should have some sort of monitoring enabled at all times, and every network administrator should have access to a dependable packet sniffing tool too.

